SQL Injection Vulnerability in phpjabbers Business Directory Script
CVE-2023-41539

7.5HIGH

Key Information:

Vendor: PHPjabbers
Status: Business Directory Script
Vendor: CVE Published:; 30 August 2023

What is CVE-2023-41539?

The phpjabbers Business Directory Script version 3.2 is plagued by a vulnerability that enables SQL Injection through the column parameter. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and extraction. Organizations using this script should assess their systems and implement corrective measures to mitigate the risks associated with this vulnerability.

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/mai...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
Aug 30, 2023

PHPjabbers

What is CVE-2023-41539?

References

CVSS V3.1

Timeline